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Remarks 

Claims 1-10 and 12-24 are pending. 

Response to Arguments 

1 . Applicant's arguments, see Remarks, filed 7/7/2006, with respect to the 
rejection(s) of claim(s) 1-10 and 12-24 under 35 U.S.C. 103(a) have been fully 
considered and are persuasive. Therefore, the rejection has been withdrawn. 
However, upon further consideration, a new ground(s) of rejection is made with 
Subramaniam (U.S. Patent 6,081,900) in view of Steiner (Steiner et al., "Kerberos: An 
Authentication Service for Open Network Systems", 3/30/1988, pp. 1-15). 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth In section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill In the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 12-23 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Subramaniam (U.S. Patent 6,081 ,900) in view of Steiner (Steiner et al., "Kerberos: An 
Authentication Service for Open Network Systems", 3/30/1988, pp. 1-15). 

Regarding Claim 12, 

Subramaniam discloses a method for accessing a service by a user 
comprising: 
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A privilege server (Figure 1, numeral 140; and Column 8, line 47 to 
Column 9, line 10); 

A web adapter interposed between a client and the privilege server, 
as well as a service server (Figure 1, numeral 112; and Column 6, lines 
25-38); and 

Choosing a service in a service server (Column 6, lines 40-45); 

But does not explicitly disclose presenting a user ticket and 
sequence number to a service, sending a session name encrypted with 
the ticket and a user identification to a privilege server and requesting a 
session key and sequence number, receiving the session name from the 
user, validating the user ticket and a user privilege, when the user is 
validated, issuing the session key and sequence number for the ticket, 
encrypting the session key and sequence number with the ticket to form a 
packet, and sending the packet and ticket to the service. 

Steiner, however, discloses presenting a user ticket and sequence 
number to a service (Pages 5-7, Sections 4.0, 4.3, and 4.4); 

Choosing a service in a service server (Pages 5-7, Sections 4.0, 
4.3, and 4.4); 

Sending a session name encrypted with the ticket and a user 
identification to a privilege server and requesting a session key and 
sequence number (Pages 6-7, Sections 4.3 and 4,4); 
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Receiving the session name from the user (Pages 6-7, Sections 4.3 
and 4.4); 

Validating the user ticket and a user privilege (Pages 6-7, Sections 
4,3 and 4.4); 

When the user is validated, issuing the session key and sequence 
number for the ticket (Pages 6-7, Sections 4.3 and 4.4); 

Encrypting the session key and sequence number with the ticket to 
form a packet (Pages 6-7, Sections 4.3 and 4.4); and 

Sending the packet and ticket to the service (Pages 6-7, Sections 
4.3 and 4.4). It would have been obvious to one of ordinary skill in the art 
at the time of applicant's invention to incorporate the authentication 
. service of Steiner into the intranet access system of Subramaniam in 
order to provide an authentication scheme that is difficult to circumvent, 
reliable, transparent, and scalable (Pages 2-3, Section 1). 
Regarding Claim 13, 

Subramaniam discloses a system for authenticating a user having a 
user proxy for generating user information comprising: 

A web adapter coupled to the user proxy for receiving user 
information (Figure 1, numeral 112; and Column 6, lines 25-38); 

A service server coupled to the web adapter (Figure 1 , numeral 

104); 
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An intermediate server coupled to the web adapter for receiving the 
user information (Figure 1, numeral 106); and 

A privilege server coupled to the intermediate server (Figure 1, 
numeral 140; and Column 8, line 47 to Column 9, line 10); 

But does not explicitly disclose the privilege server receiving the 
user information and validating the user in response to the user 
information, the privilege server generating a ticket, the user proxy 
receiving the ticket, generating a token and communicating the token to 
the privilege server, the privilege server generating a packet having a 
sequence number and a session key in response to the token and 
coupling the ticket and the sequence number to a service server through 
the web adapter, and the service server validating the user and granting 
user privileges in response to the ticket and the session key. 

Steiner, however, discloses the privilege server receiving the user 
information and validating the user in response to the user information, the 
privilege server generating a ticket (Page 6, Section 4.2); 

The user proxy receiving the ticket (Page 6, Section 4.2), 
generating a token and communicating the token to the privilege server 
(Page 7, Section 4.4); 

The privilege server generating a packet having a sequence 
number and a session key in response to the token and coupling the ticket 



Application/Control Number: 10/022,578 Page 6 

Art Unit: 2137 

and the sequence number to a service server through the web adapter 
(Pages 6-7, Sections 4.3 and 4,4); and 

The service server validating the user and granting user privileges 
in response to the ticket and the session key (Pages 6-7, Section 4.3). It 
would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the authentication service of Steiner 
into the intranet access system of Subramaniam in order to provide an 
authentication scheme that is difficult to circumvent, reliable, transparent, 
and scalable (Pages 2-3, Section 1). 

Regarding Claim 14, 

Subramaniam as modified by Steiner discloses the system of claim 
13, in addition, Subramaniam discloses that the intermediate server 
comprises a head end server (Figure 1, numeral 106). 

Regarding Claim 15, 

Subramaniam as modified by Steiner discloses the system of claim 
13. in addition, Steiner discloses that the user information comprises a 
user identification number (Pages 13-14). 

Regarding Claim 16, 

Subramaniam as modified by Steiner discloses the system of claim 
13, in addition, Steiner discloses that the privilege server has a policy 
engine therein (Pages 5-7, Section 4). 

Regarding Claim 17, 
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Subramaniam as modified by Steiner discloses the system of claim 
16. in addition, Steiner discloses that the privilege server comprises a key 
generator coupled to the policy engine (Pages 5-7, Section 4). 
Regarding Claim 18, 

Subramaniam as modified by Steiner discloses the system of claim 
16, in addition, Subramaniam discloses that the privilege server 
comprises a proxy coordinator coupled to the policy engine (Column 8, 
line 47 to Column 9, line 10). 
Regarding Claim 19, 

Subramaniam as modified by Steiner discloses the system of claim 
16, in addition, Steiner discloses that the privilege server comprises an 
obfuscator/deobfuscator coupled to the policy engine (Pages 5-7, Section 

4) . 

Regarding Claim 20, 

Subramaniam as modified by Steiner discloses the system of claim 
16, in addition, Steiner discloses that the privilege server comprises a 
store keeper coupled to the policy engine (Pages 5-9, Sections 4 and 5). 
Regarding Claim 21, 

Subramaniam as modified by Steiner discloses the system of claim 
20, in addition, Steiner discloses that the store keeper comprises a user 
information list and a session information list (Pages 5-9, Sections 4 and 

5) . 
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Regarding Claim 22, 

Subramaniam as modified by Steiner discloses the system of claim 
20, in addition, Steiner discloses that the service server validating the user 
and granting the user privileges in response to the ticket, session key, and 
sequence number (Pages 6-7, Section 4.3). 
Regarding Claim 23, 

Subramaniam discloses a method of authenticating a user having a 
user proxy for a network system having a privilege server, a head end 
server and a web adapter, the method comprising: 

Determining an authentication scheme at the privilege server 
(Column 8, line 47 to Column 9, line 10); and 

Validating the user at the privilege server in response to user 
information in accordance with the authentication scheme (Column 8, line 
47 to Column 9, line 10); 

But does not explicitly disclose when the user is validated, 
generating a ticket for the user at the privilege server, encrypting the ticket 
with a user password to form an encrypted ticket, validating the user in 
response to a service access request token formed from the ticket and a 
user identification, and forming a packet having a sequence number and 
session key encrypted with the ticket at the privilege server to authenticate 
the user. 
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Steiner, however, discloses validating the user at the privilege 
server in response to user information in accordance with the 
authentication scheme (Page 6, Section 4.2); 

When the user is validated, generating a ticket for the user at the 
privilege server (Page 6, Section 4.2); 

Encrypting the ticket with a user password to form an encrypted 
ticket (Page 6, Section 4.2); 

Validating the user in response to a service access request token 
formed from the ticket and a user identification (Page 7, Section 4.4); and 

Forming a packet having a sequence number and session key 
encrypted with the ticket at the privilege server to authenticate the user 
(Page 7, Section 4.4). It would have been obvious to one of ordinary skill 
in the art at the time of applicant's invention to incorporate the 
authentication service of Steiner into the intranet access system of 
Subramaniam in order to provide an authentication scheme that is difficult 
to circumvent, reliable, transparent, and scalable (Pages 2-3, Section 1). 



Allowable Subject Matter 

3. Claims 1-10 and 24 are allowed. 



Conclusion 
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The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. Medivinsky (U,S. Patent Application Publication 2001/0047484), 
and Shambroom (U.S. Patent 7,062,781). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jeffrey D. Popham whose telephone number is (571)- 

272- 7215. The examiner can normally be reached on M-F 9:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571)272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 

273- 8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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Examiner 
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